Scribd Logo
Upload

Welcome to Scribd!

  • O A - B V I C: N THE Effectiveness OF Ssertion Ased Erification IN AN Ndustrial Ontext

    Uploaded by

    hello860
    13 views17 pages
    ABV

    Original Title

    Pierre

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ABV

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    13 views17 pages

    O A - B V I C: N THE Effectiveness OF Ssertion Ased Erification IN AN Ndustrial Ontext

    Uploaded by

    hello860
    ABV

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    ON THE EFFECTIVENESS OF

    ASSERTION-BASED VERIFICATION
    IN AN INDUSTRIAL CONTEXT

    L.Pierre, F.Pancher, R.Suescun, J.Quvremont


    TIMA Laboratory, Grenoble, France
    Dolphin Integration, Meylan, France
    Thales Communications & Security, Gennevilliers, France

    INTRODUCTION
    What

    can be the benefits of Assertion-Based


    Verification - and of synthesizable assertion
    checkers - in an industrial context?

    Outline:

    What is Assertion-Based Verification?

    A few words about the synthesizable checkers


    Formalization and verification of requirements for an
    actual HDLC controller IP

    Return of experience, benefits of the formalization steps,


    properties violations
    Characteristics of the generated hardware assertion checkers
    2
    FMICS'2013

    INTRODUCTION - ABV ?
    Assertion:

    statement about the intended behaviour or


    a requirement of the design
    Temporal logics: CTL, LTL,
    Specification languages: SVA (IEEE Std 1800),
    PSL (IEEE Std 1850)

    Assertion-Based

    Verification: does the design obey


    these temporal assertions?
    Static analysis (model checking)
    Dynamic verification (during simulation)

    3
    FMICS'2013

    INTRODUCTION - ABV ?
    Assertion:

    statement about the intended behaviour or


    a requirement of the design
    Temporal logics: CTL, LTL,
    Specification languages: SVA (IEEE Std 1800),
    PSL (IEEE Std 1850)

    Assertion-Based

    Verification: does the design obey


    these temporal assertions?
    Static analysis (model checking)
    Dynamic verification (during simulation)

    4
    FMICS'2013

    INTRODUCTION - ABV ?
    Static

    vs dynamic verification

    Circuit
    description

    Formal
    model
    Formal
    proof tool

    Formal
    specification

    Circuit
    description

    Simulator / FPGA
    prototyping

    Formal
    specification

    Specification
    satisfied?

    Simulation/emulation
    results + property
    satisfaction/violation

    Stimuli
    5
    FMICS'2013

    ASSERTION CHECKERS
    PSL

    associated with VHDL RTL descriptions

    Logic and temporal properties on the signals of the design


    Example:

    DATA_OUT

    DATA_IN

    SENDING
    NODE

    DATA
    TRANSLATION
    VALID_DATA

    START

    RECEIVING
    NODE

    READY
    ERROR
    END

    RST EN STOP

    default clock = (posedge clk);


    always(END ->
    next (START before ERROR))

    ERROR
    END

    START

    6
    FMICS'2013

    ASSERTION CHECKERS

    ERROR
    END

    START

    always(END -> next (START before ERROR))

    Checker

    PSL assertion
    7
    FMICS'2013

    ASSERTION CHECKERS
    Simulation

    of the design under verification connected


    to the assertion checkers:
    Design

    Checkers

    Valid = 0 -> violation

    FPGA

    prototyping with the checkers


    8
    FMICS'2013

    ASSERTION CHECKERS
    Compositional

    construction

    Formally
    proven

    Example:
    always (Req -> (Busy until! Ack))

    http://tima.imag.fr/vds/Horus/
    http://www.dolphin.fr/medal/products/smash/options/smash_SVA.php
    9
    FMICS'2013

    CASE STUDY
    HDLC

    (High-level Datalink Control) controller IP

    10
    FMICS'2013

    CASE STUDY
    Documents

    VHDL source files and user guide


    Requirements specification

    About

    20 requirements

    Nominal behaviour
    Start and end of frames - Example: The receiver shall activate the
    signal EndOfFrame when it is outputting the last byte of a frame
    Transparency

    Idle mode - Example: While disabled (idle mode), the transmitter


    shall send flags or partial flags

    Abort
    ...

    11
    FMICS'2013

    CASE STUDY
    Example:

    while disabled (idle mode), the transmitter


    shall send flags or partial flags

    !property HDLC_240:
    always({!TXLASTBIT &&
    |=> {{!TXDOUT &&
    !TXDOUT &&
    {{TXENABLE}
    !
    {!TXDOUT;

    !TXDATAWR; TXLASTBIT && !TXDATAWR}


    !TXENABLE; (TXDOUT && !TXENABLE)[*6];
    !TXENABLE}[*];
    |
    (TXDOUT && !TXENABLE)[*0..6]; TXENABLE}}});!
    12
    FMICS'2013

    CASE STUDY
    Informal

    vs formal requirements

    The signal AbortFound shall be set high when the reception


    of an abort sequence is detected. When exactly?
    When SendAbort gets active, the transmitter shall abort the
    frame by transmitting at least seven consecutive 1 bits. It
    shall be followed by flags before the transmission of new
    words. Violations, due to an implicit hypothesis about the
    sampling clock for output data.
    If disabled while sending a character, the transmitter shall
    finish sending that character, followed by CRC and close
    flag before coming back to idle mode. Violations, due to
    an implicit hypothesis (no reception of data while disabled).
    13
    FMICS'2013

    CASE STUDY
    Informal

    vs formal requirements

    The transmitter shall activate the UnderRun signal and end


    the frame automatically if no new valid byte has been written
    in the input buffer on the seventh rising edge of the
    transmitter clock following the emission of the buffer empty
    signal. Violations, due to an implicit hypothesis (latency
    for the emission of UnderRun allowed).
    The receiver shall activate the signal EndOfFrame when it is
    outputting the last byte of a frame. Violations, but the
    unexpected behaviour is worked around by the including
    components.

    14
    FMICS'2013

    CASE STUDY
    Characteristics

    of the generated monitors

    Synthesis performed with Synopsys Design Compiler. The target


    cell library is Dolphins SESAMEeHSvHD_TSMC_0.18um.
    15
    FMICS'2013

    CONCLUSIONS
    Overhead

    Area: 80%
    Leakage power: 72% - Dynamic power: 10%
    No impact on frequency

    Thaless

    - Summary:

    return of experience

    More bugs detected than with classical simulation


    Careful (natural language) expression of the requirements
    PSL can be considered as a way to make safer designs
    In FPGA-based prototyping, to track and detect more bugs more
    quickly
    If embedded monitors are targeted: tradeoff between design
    criticality and resource overhead

    16
    FMICS'2013

    THANKS... QUESTIONS?

    17
    FMICS'2013

    You might also like